[strongSwan-dev] RFC 6054 support with HA plugin
Emeric POUPON
emeric.poupon at stormshield.eu
Fri Mar 30 17:14:44 CEST 2018
Hello,
I am concerned about AES-GCM issues related to segment responsibility changes (see https://tools.ietf.org/html/rfc6311#section-3.4)
https://wiki.strongswan.org/projects/strongswan/wiki/IpsecStandards states RFC6454 is supported.
Could you please provide more details about it?
As far as I understand, each member of the cluster should have a unique SID assigned and use this SID when emitting packets from the kernel stack.
This raises several questions:
- how does the userland set the sid in the kernel?
- how is the sid is computed so that it is unique within the cluster? How many bits are reserved for this sid?
Regards,
Emeric
More information about the Dev
mailing list